FREE NEWSLETTER
Go to main Forum page »
This is going to seem dark, but it’s not my intention to scare anyone, but I’ve had an through about our operational security as investors that I can’t shake.
We’re all already doing complex passwords and two-factor authentication, which I completely agree with. Be as safe as you can. But how can any of us fully protect against a home invasion type attack where we’re coerced by force to divulge passwords. Allow me to explain.
Imagine the worst (Heaven forbid, poo, poo, poo). Criminals invade and take you and your family hostage in your home. These criminals, however, are not interested in your costume jewelry or even your safe (although they’ll take that too). These criminals know that you have an account at X bank or Y brokerage (or even if they don’t know, they force you to tell them).
At gun or knife point they force you to login to your accounts and transfer funds to an account of their choosing. But won’t those transfers take days, you ask? Even if they do, where are they going? You’re tied up in the basement and they are living in your house until the transactions clear.
This scenario isn’t pure fantasy. It has actually happened to very wealthy targets. But why should this be reserved to the extremely wealthy who even more likely than ordinary people to have robust physical security?
How can this be prevented? Some might say to hunker down and buy a lot of guns and ammo. That’s fine, but the truth is no one can be 100% secure. At some point you’ll leave the house or mow the lawn and you’re exposed. Bottom line, if someone really wants to get into your house they can. Heck, they’d probably just ring the doorbell and pretend to be selling siding.
The only thing I can think of would be for financial institutions to permit their customers to enter a dummy password specifically designed for these situations. When you login, a fake account screen is created and any transactions “made” are not real, but appear completely real to the observer. Upon login, police can be altered to your location. I’m not sure if any financial institutions currently offer this or how this idea would go over.
You probably won’t believe me, but I’m actually not a paranoid person or even a worrier, but I’m having trouble seeing why this kind of crime would not become more common.
One example of a gaping hole in 2 factor authentification. If you have Verizon cable TV and cell phones in the same account, which is how you get the discount rate, then you have the same password for everything. Your 2 factor authentification account name and password is the same as what you’d use to sign in to watch HBO from a TV in a hotel room. Beware.
I really worry about this with AI. I fear it taking over my account and draining it.
It’s one reason I grudgingly pay my .30% to VG for the human/robot assisted Advisor. I don’t like spending that for such a basic five ETF Portfolio but I’ve come to look at it is one more bit of insurance.
I can’t make any Portfolio changes without his concurrence.
Thought provoking article. I emailed my Schwab account rep the other day about how to prevent a(n) fraudulent ACATS transfer but have not heard from him. I think most financial institutions are not doing enough to protect their customers
A recent White Coat Investor podcast talked about ACATS fraud and how it’s hoped Vanguard will be adding a feature like Fidelity’s lockdown.
Most withdraws take a few days to process, so you’re ok unless they are going to hold you hostage for a few days…
A bigger, more likely scam, is family/other with some amount of financial control over your accounts, taking your funds when you are elderly.
But wouldn’t the crooks check tgeir accounts to make sure money was there brfore they let you go?
i read this week in NYT ( I think) of guy who googled “windows help” got hooked up with scammers by mustake and let them convince him to send them $85000 from Citi. Citi said tough noogies you sent it voluntairly
So I searched for the major ways people lose money. In summary, while personal financial mismanagement is common (the more usual arena covered by HumbleDollar), theft in its many forms (from digital scams to physical larceny and organized crime) is a major systemic and individual cause of financial loss.
Ben you missed your real calling. You would have made a great fiction writer. You’ve got a real talent. You’re correct, we will never be completely safe from any harm because we leave in a fallen world. But, no worries. As you said all we can do is what we can do and I think you’re making good choices about security (complex passwords and two factor authentication). All we can do is make good choices and have a good protocol in place. At the end of the day if we’re too preoccupied with all of the “what ifs” we will never really be able to enjoy what little wealth we may have achieved over our lifetime. The book of Ecclesiastes in the Bible, talks a great deal about this very topic. In essence, hard-earned wealth becomes vain if paranoia prevents relaxation, generosity, or gratitude. The book repeatedly shows that pursuing or hoarding riches “under the sun” (I’m sure you earned all of your wealth by hard-work, and diligence); apart from God-centered perspective leads to frustration. True enjoyment comes from accepting one’s lot with contentment and fearing God (Ecclesiastes 5:18-20; 12:13). I’m so glad to hear you’re not paranoid or a worrier in general. I say keep doing what you’re doing and enjoy what you have. None of us controls the future. If you haven’t already purchased some ID theft insurance that would cover your nest egg that might be something to consider. Enjoyed your article.
This is DARK, but I suggest you look at the bright side. A significant share of kidnappings globally are for ransom or extortion — in some analyses nearly 98% of abductions are financially motivated, and roughly 73% of cases are resolved by ransom payment. The real matter is only 20,000 occur globally out of 8 billion people, that percentage is about 0.00025%.
Things happen, so go back to thinking about how to invest for retirement you will be much better off, and enjoy trying to save a few million.
I am grateful I am rich and secure enough to worry about someone stealing my assets. Thanks for starting this discussion, Ben! (Is the alternative to be poor enough to only worry about stealing someone else’s assets? Is the messy middle both or neither?!)
The odds of something like this happening to most of us are probably low. That said, if someone breaks in and holds us at gunpoint, demanding our passwords, I’m probably going to cooperate as the alternative isn’t that attractive.
The bigger problem that most of us face are the constant scams and phishing attempts that we receive via the web. It seems as though barely a day goes by that a new and more clever attempt to defraud us lands in our mail box. It requires effort to stay up to date on what may be a scam and how to deal with it. I also worry that as I age, I will be come more vulnerable to these sorts of attacks.
I was vaccinated against complacency several years ago when I witnessed in real time as someone got control of my login credentials for my Wells Fargo account and used it to Zelle themselves $1000 to a recipient in Mexico. As far as I could tell, access was gained by social engineering and “helpful” Wells Fargo employee. I regained access to my account within 30 minutes, but the transfer was irreversible and Wells Fargo, first in a round of internal review and then in an appeal to the (now assassinated) CFPB, swore up and down that I gave money to the scammers, that their internal procedures and the Zelle system that they co-invented was impeccable, and this was on me. Most US financial institutions (Fidelity et al.) don’t have as many felony convictions against them as Wells Fargo. But it is apparent that the prevailing attitude across the industry is that security measures are a hassle and an optional expense, so they won’t do one scintilla more than what their lawyers tell them is minimally acceptable due diligence. The public should keep this in mind as the financial industry bleats about “costly regulation” meant to protect the bottom 90%.
Why, after two major scams at WF, is anyone still banking with them?
Good question. They are the worst by far of any bank.
A good summary of why I never use Zelle.
Ben,
A somewhat famous saying in the military is “Just because you’re paranoid doesn’t mean they aren’t out to get you…” (Also used by pilots referring to the FAA whose motto is “We’re not happy until you’re not happy!”) (JK my buddies in the FAA…jusssst kidding….)
Coming home with the grandkid to find you have an invader in broad daylight with your elderly mother walking into the house minutes earlier causing him to stop his ransacking and escape is not fun…not fun at all.
I do like the dummy(alerting) password idea! Brilliant!
Cheers
Start by not driving a Bentley. Haha
It’s funny the things we worry about. I’m quite sure the odds of being struck by lightning or hit by a tornado are substantially larger than the chances of this scenario impacting anyone here.
It’s a different story with prominent people, especially professional athletes. Pro football, basketball and soccer players have been targeted here and around the world by robbery gangs because of their known wealth and obvious schedules. They must take significant precautions.
While we’re worrying about unlikely but scary events, what about being kidnapped and held for ransom? I forget what caused me to come across the story of Jack Teich’s kidnapping, but I read several articles about it. Was disappointed that a family member, retired from the FBI but who was active in the area at the time, said he had no recollection of the case, and even thought I was talking about a wealthy family with a similar name. And here I thought I was gonna get inside info “never before released to the public.” 😐
https://en.wikipedia.org/wiki/Kidnapping_of_Jack_Teich
My crime reading indicates that home invasions are usually targeted: the criminals believe there are large assets in the house that they can obtain easy access to. Many home invasions seem to be committed by gang members upon other gangsters, whom they believe to be holding cash, drugs and jewelry. The rare risk for people who don’t have these assets is the case of an incorrect address (ie, they meant to rob the house across the street and instead invaded a home with nothing to take). The only way to avoid this risk, imho, is if you suspect your neighbors of serious illegal activity, move. A few years ago, a recently widowed friend confided some observations of her neighbors that were alarming. Then her dog died. She quickly sold her home, which was in a very small and secluded development. Probably had other reasons,but discomfort was a factor. Bad people attract other bad people.
One can learn to not trust people if you watch: Forensic Files and American Greed, or read sec.gov and finra.org. My wife had a friend answer their doorbell. It turned out to be a robbery and her friend didn’t survive.
Agreed. It always seems weird to me watching tv to see that people open the door without either looking or even asking who’s there – probably due to time limits on tv shows, but very unrealistic. My first home as a child was an apartment with a metal door and a peephole. You better believe my mother checked every time the bell rang (this was in the “low crime” 1950’s). Look at the poor MIT professor shot after opening the door this past weekend? But perhaps he recognized the individual as a fellow student from a couple decades ago …🙁
Don’t look rich.
Excellent advice. We have that covered to a large extent, mostly owing to our natures. We just aren’t big spenders or flashy in any regard. Our cars are 10 and 11 years old Japanese, non-luxury brands.
I asked my financial advisor that very question; why rob one person when you can rob the bank. Additionally, there’s always a huge push to put all assets in one brokerage house for simplicity, which is easily understood, but what’s if there’s a a major breach there where monies are transferred out, not just data stolen. Wouldn’t it seem more fiscally prudent to have 1/3 of your identical portfolio across theoretically vanguard, fidelity and Schwab. Many people do that with their cash across banks for the 250k FDIC, an extra layer of protection.
Actually, I do have my assets spread across 3 major brokerages. My primary concern is an extended outage due to a cyber security breach, probably causing a loss of access to my funds while things get sorted out. However, minimizing the amount available if one account became compromised is a secondary goal of the diversification. I don’t find having 3 accounts that much more effort to manage, but I really like not having all my eggs in one basket.
I made the same decision for the same reason.
I’d like to think of it as a black swan event, but it’s apparently not too far-fetched as this recent news item depicts: https://www.youtube.com/watch?v=sA6D3UuQAZI
The fact that it’s newsworthy at all is an indication of how rare the event actually is. I’d still suggest that the 40,000 yearly road deaths and the 200,000 life-changing injuries represent a much higher risk to your future wellbeing and financial health than the remote possibility of being held hostage and forced to transfer your portfolio to a third party.
I totally agree there are plenty more pressing matters to lose sleep over. Then again, this particular crime hit pretty close to home…
I agree with the other commentors that this isn’t something that probably needs to be worried about too much. However, you mention a possible solution that (you acknowledge) doesn’t exist, which essentially isn’t actionable. Also, even though you framed it as a home invasion threat, it could also happen while traveling (especially out of the country). So as a thought exercise, what do you think about having some decoy accounts? Real accounts, funded with believable but limited funds, that you’d transfer in such a situation. To be believable, the decoy accounts would have to be “complete” (ie. email, checking, and retirement account environment). A lot of work, but actually doable. Alternatively, it might be easier to “hide” one big account, using a separate dedicated email it’s associated with, while offering to the criminals your decoy account . Again, I don’t think it’s really warranted, but it is a strategy that one could implement if desired.
I like it. I’m still not clear on how this isn’t more plausible. But just raising it as an issue. I’m not really worried about it either for the record (which I tried to make clear in the post). Just a thought.
Wealthy and intelligent people sometimes get caught up in “black swan” dread. A quick reality check is helpful:
Why do I feel unsafe today?
Why this black swan event comes to mind at this time? especially when no one can predict a black swan?
Is there a practical solution to this black swan problem?
If yes, no need to worry.
If not, .. still no need to worry.
‘Tis the season for the Nutcracker, not for chasing swans.
I think the simple answer to your question is “no.” We can never be truly 100% safe. But doesn’t this apply to all areas of life? I feel there’s a greater chance of me dying in a car accident than being held hostage at gunpoint until I transfer my portfolio to a third party. I don’t spend much time worrying about the former, and I suspect I’ll spend even less time thinking about the latter.
Isn’t this where we depend on financial institutions anti-fraud measures to put a hold on unusual transactions? And the reason why I never assume any major transaction will be easy to complete online.
From the criminals’ perspective they might have to hit a lot of victims with a lot of risk of actual physical detection to get a true $1m+ payday. (Perhaps not if they hang around RDQ’s appt block). Far easier to do remote online fraud isn’t it?